The education landscape is rapidly changing due to new new learning environments and digital tools. We owe it to our children to take steps to proactively protect them and make their online experience enjoyable and safe in and out of the classroom. Schools and service providers have a responsibility to students and their parents to safeguard their data and adhere to specific privacy practices that are clear and transparent.
Today, the Family Educational Rights and Privacy Act (FERPA), is the overarching federal law that deals with privacy in schools. However, there are numerous other laws, best practices, and guidelines that are essential to understanding your rights and responsibilities as it pertains to privacy in education and new legislation that is currently being proposed. In 2014, States introduced more than one hundred student data bills. Twenty-one states passed 24 new student data privacy laws. In 2015, forty-six states introduced 182 bills addressing student data privacy, and 15 states passed 28 new student data privacy laws. Several new federal bills have also been introduced in Congress aimed at protecting student information. About 170 companies — including Microsoft, Apple and Google — have agreed to a voluntary industry pledge that obligates companies not to use the student data collected by their classroom products for personalized advertising.
Here is an overview of a few you should be aware of:
The Family Educational Rights and Privacy Act (FERPA) was passed in 1974. Under FERPA, a school may not generally disclose personally identifiable information from an eligible student’s education records to a third party without written consent. However, there are a number of exceptions to this rule, which the Department of Education has laid out in a simple chart.
What you need to know:
FERPA gives parents certain rights with respect to their children’s education records. Generally, schools must have written permission from the parent or eligible student in order to release any information from a student’s educational record. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.
Schools must provide parents (or certain eligible students) with an opportunity to inspect and review their student’s education records within 45 days. If a service provider is maintaining or storing student records, they should be aware of the time limits for processing such requests.
Parents (or certain eligible students) have the right to request that schools amend their student’s education records that include inaccurate or misleading information.
California recently passed the first state law in the nation that comprehensively addresses student privacy called The Student Online Personal Information Protection Act (SOPIPA). SOPIPA becomes effective on January 1, 2016 and applies to websites, applications and online services who have actual knowledge that the service is being used for K-12 school purposes and was designed and marketed for K-12 purposes.
What you need to know:
Prohibits use of targeted advertising
Prohibits operators of online educational services from selling student data and using such information to target advertising to students or to “amass a profile” on students for a non-educational purpose.
Requires online service providers to maintain adequate security procedures and to delete student information at the request of a school or district
*Twenty other states have enacted student data privacy laws, but California is unique in making industry directly responsible for ensuring the privacy of student data.
The Student Privacy Pledge
The Future of Privacy Forum (FPF) and the Software & Information Industry Association (SIIA) announced a K-12 school service providers Pledge to safeguard student privacy built around a dozen commitments regarding the collection, maintenance, and use of student personal information.
The Student Privacy Pledge will hold school service providers accountable to:
Not sell student information
Not use behaviorally targeted advertising
Use data for authorized education purposes only
Not change privacy policies without notice and choice
Enforce strict limits on data retention
Support parental access to, and correction of errors in, their children’s information
Provide comprehensive security standards
Be transparent about collection and use of data.
An initial leadership group of major school service providers signed the Pledge; at least two dozen more have since joined them, and more come in every day. The group is made up of some of the leading names in education technology, including Amplify, Code.org, DreamBox Learning, Edmodo, Follett, Gaggle, Houghton Mifflin Harcourt, Knewton, Knovation, Lifetouch, Microsoft, MIND Research Institute, myON, and Think Through Math.
Student Digital Privacy Act – Proposed Legislation
The White House unveiled the Student Digital Privacy Act, addressed by President Obama in his Road to the State of the Union Tour at the FTC on January 12, 2015. The legislation was proposed in an effort to keep our children safe even with the fast-evolving nature of technology. The proposed legislation is patterned on California’s new law (SOPIPA), and the Future of Privacy Forum and SIIA’s voluntary pledge for educational software vendors
What you need to know:
It will make it illegal for companies to sell student data to third parties for non-educational purposes.
The law would ban advertisers from targeting students based on data collected in schools.
Companies must delete a student’s information if the school or district requests deletion of this information
The Act will not apply to general audience sites, apps and online services outside of the school context.
The Act does not prohibit an operator from sharing aggregated de-identified student covered information for research and development.